authorthomascube <thomas@roundcube.net>2007-11-25 17:34:19 +0000
committerthomascube <thomas@roundcube.net>2007-11-25 17:34:19 +0000
commitc5799618997716288169b6fbcd1251f76788cd49 (patch)
tree79e74cc848f8b6322ff223b77e300bd4e2a854b4 /program/include
parent76b6bff70b3f7d8ff7eed261f7f9896cccae21f9 (diff)
Fixed some potential security risks + updated changelog
Diffstat (limited to 'program/include')
-rw-r--r--program/include/main.inc2
-rw-r--r--program/include/rcmail_template.inc4
-rw-r--r--program/include/rcube_html.inc8
3 files changed, 5 insertions, 9 deletions
diff --git a/program/include/main.inc b/program/include/main.inc
index 49dd2aaff..f0c603090 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -1432,7 +1432,7 @@ function rcmail_get_edit_field($col, $value, $attrib, $type='text')
// use value from post
if (!empty($_POST[$fname]))
- $value = $_POST[$fname];
+ $value = get_input_value($fname, RCUBE_INPUT_POST);
$out = $input->show($value);
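Review bot: The guard on the line above the change still uses `!empty($_POST[$fname])`, so a user who edits a field down to the single character `0` has that edit silently discarded and the stored `$value` is rendered instead, because PHP's `empty()` treats the string "0" as empty. Since the new line already routes the read through `get_input_value()`, the guard only needs to test presence, e.g. `if (isset($_POST[$fname]) && $_POST[$fname] !== '')`. The switch to `get_input_value()` is the right direction, but note that it only normalizes the input; protection against attribute injection in `$input->show($value)` depends on `rcube_form_element` escaping the `value` attribute, which is changed separately in this commit. The body of rcmail_get_edit_field starts and ends outside this hunk.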
diff --git a/program/include/rcmail_template.inc b/program/include/rcmail_template.inc
index 15752f8bc..558bd4bf6 100644
--- a/program/include/rcmail_template.inc
+++ b/program/include/rcmail_template.inc
@@ -831,12 +831,12 @@ function rcmail_login_form($attrib)
}
}
- $fields['host'] = isset($select_host) ? $select_host->show($_POST['_host']) : null;
+ $fields['host'] = isset($select_host) ? $select_host->show(get_input_value('_host', RCUBE_INPUT_POST)) : null;
}
else if (!strlen($CONFIG['default_host']))
{
$input_host = new textfield(array('name' => '_host', 'id' => 'rcmloginhost', 'size' => 30));
- $fields['host'] = $input_host->show($_POST['_host']);
+ $fields['host'] = $input_host->show(get_input_value('_host', RCUBE_INPUT_POST));
}
$form_name = strlen($attrib['form']) ? $attrib['form'] : 'form';
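Review bot: The same expression `get_input_value('_host', RCUBE_INPUT_POST)` is now repeated in both branches of the host-field construction; reading it once before the `if` into a local, e.g. `$post_host = get_input_value('_host', RCUBE_INPUT_POST);`, and passing `$post_host` to both `show()` calls keeps the two paths from drifting if the input handling is tightened later. It is worth stating in a short comment that `get_input_value()` only normalizes the posted value and that HTML-attribute escaping happens inside `show()`, since a reader of this function cannot see where the escaping occurs. For the select branch, how `$select_host->show()` treats a value that matches no configured option is not visible here; presumably it is simply not emitted, but that should be confirmed rather than assumed. The enclosing rcmail_login_form starts and continues outside this hunk.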
diff --git a/program/include/rcube_html.inc b/program/include/rcube_html.inc
index a31594a56..18983a15a 100644
--- a/program/include/rcube_html.inc
+++ b/program/include/rcube_html.inc
@@ -292,10 +292,6 @@ class rcube_form_element
if ((strpos($key,'on')===0 && $value==''))
continue;
- // encode textarea content
- if ($key=='value')
- $value = Q($value, 'strict', FALSE);
-
// attributes with no value
if (in_array($key, array('checked', 'multiple', 'disabled', 'selected', 'nowrap')))
{
@@ -304,11 +300,11 @@ class rcube_form_element
}
// don't convert size of value attribute
else if ($key=='value')
- $attrib_arr[] = sprintf('%s="%s"', $this->_conv_case($key, 'attrib'), $value);
+ $attrib_arr[] = sprintf('%s="%s"', $this->_conv_case($key, 'attrib'), Q($value, 'strict', false));
// regular tag attributes
else
- $attrib_arr[] = sprintf('%s="%s"', $this->_conv_case($key, 'attrib'), $this->_conv_case($value, 'value'));
+ $attrib_arr[] = sprintf('%s="%s"', $this->_conv_case($key, 'attrib'), $this->_conv_case(Q($value), 'value'));
}
return sizeof($attrib_arr) ? ' '.implode(' ', $attrib_arr) : '';
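Review bot: Applying `Q($value)` to every regular attribute is a behavioural change for callers that already pass entity-encoded attribute text (for example an `href` containing `&amp;`), which will now be double-encoded unless `Q()` itself guards against re-encoding existing entities; `Q()` is not visible here, so that needs checking, and any such callers adjusted. The two branches also escape differently without explanation: `value` uses `Q($value, 'strict', false)` while other attributes use `Q($value)` with defaults, so a one-line comment on the `value` branch such as `// third argument false: keep newlines verbatim in the value attribute` (or whatever that parameter actually controls) would save the next reader from having to look up the signature. Note that the `on*` filter a few lines above this hunk only drops empty event handlers; non-empty ones are now HTML-escaped, which the browser decodes before executing, so that path should be unaffected, but a quick test with a handler containing quotes is prudent. The enclosing method of rcube_form_element begins before this hunk.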